"GOT", but the "O" is a cute, smiling pufferfish. Index | Thread | Search

From:
Mikhail <mp39590@gmail.com>
Subject:
gotd: unveil in PROFILE builds
To:
gameoftrees@openbsd.org
Date:
Mon, 1 May 2023 21:25:50 +0300

Download raw body.

Thread
apply_unveil_none() hides whole file system and it makes getpwuid fail
in PROFILE builds

diff /home/misha/work/got
commit - c000aa350eac5ac329beb278a513e5f978d2a463
path + /home/misha/work/got
blob - 23fb7de78a4d49528a35ce6f683badab359d83bc
file + gotd/gotd.c
--- gotd/gotd.c
+++ gotd/gotd.c
@@ -1667,6 +1667,7 @@ static void
 		fatal("unveil");
 }
 
+#ifndef PROFILE
 static void
 apply_unveil_none(void)
 {
@@ -1676,6 +1677,7 @@ apply_unveil_none(void)
 	if (unveil(NULL, NULL) == -1)
 		fatal("unveil");
 }
+#endif
 
 static void
 apply_unveil_selfexec(void)
@@ -1841,12 +1843,12 @@ main(int argc, char **argv)
 #ifndef PROFILE
 		if (pledge("stdio sendfd unix unveil", NULL) == -1)
 			err(1, "pledge");
-#endif
 		/*
 		 * Ensure that AF_UNIX bind(2) cannot be used with any other
 		 * sockets by revoking all filesystem access via unveil(2).
 		 */
 		apply_unveil_none();
+#endif
 
 		listen_main(title, fd, gotd.connection_limits,
 		    gotd.nconnection_limits);
@@ -1856,7 +1858,6 @@ main(int argc, char **argv)
 #ifndef PROFILE
 		if (pledge("stdio getpw recvfd unix unveil", NULL) == -1)
 			err(1, "pledge");
-#endif
 		/*
 		 * We need the "unix" pledge promise for getpeername(2) only.
 		 * Ensure that AF_UNIX bind(2) cannot be used by revoking all
@@ -1864,6 +1865,7 @@ main(int argc, char **argv)
 		 * files will still work since "getpw" bypasses unveil(2).
 		 */
 		apply_unveil_none();
+#endif
 
 		auth_main(title, &gotd.repos, repo_path);
 		/* NOTREACHED */